English
Related papers

Related papers: Fuzzm: Finding Memory Bugs through Binary-Only Ins…

200 papers

WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple…

Cryptography and Security · Computer Science 2025-02-11 Gaetano Perrone , Simon Pietro Romano

Debugging and monitoring programs are integral to engineering and deploying software. Dynamic analyses monitor applications through source code or IR injection, machine code or bytecode rewriting, and virtual machine or direct hardware…

Software Engineering · Computer Science 2025-04-30 Elizabeth Gilbert , Matthew Schneider , Zixi An , Suhas Thalanki , Wavid Bowman , Alexander Bai , Ben L. Titzer , Heather Miller

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to…

Cryptography and Security · Computer Science 2024-02-20 Jueon Eom , Seyeon Jeong , Taekyoung Kwon

Coverage-guided fuzzing's aggressive, high-volume testing has helped reveal tens of thousands of software security flaws. While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to…

Cryptography and Security · Computer Science 2022-09-09 Stefan Nagy , Anh Nguyen-Tuong , Jason D. Hiser , Jack W. Davidson , Matthew Hicks

Ever-increasing design complexity of System-on-Chips (SoCs) led to significant verification challenges. Unlike software, bugs in hardware design are vigorous and eternal i.e., once the hardware is fabricated, it cannot be repaired with any…

Hardware Architecture · Computer Science 2025-12-11 Deepak Narayan Gadde , Aman Kumar , Djones Lettnin , Sebastian Simon

Programming errors that degrade the performance of systems are widespread, yet there is little tool support for analyzing these bugs. We present a method based on differential performance analysis---we find inputs for which the performance…

Machine Learning · Computer Science 2020-06-04 Saeid Tizpaz-Niari , Pavol Cerný , Ashutosh Trivedi

Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant…

Cryptography and Security · Computer Science 2026-05-05 Mario Rodríguez Béjar , B. Romera-Paredes , Jose L. Hernández-Ramos

Despite much recent interest in compiler randomized testing (fuzzing), the practical impact of fuzzer-found compiler bugs on real-world applications has barely been assessed. We present the first quantitative and qualitative study of the…

Software Engineering · Computer Science 2019-09-06 Michaël Marcozzi , Qiyi Tang , Alastair F. Donaldson , Cristian Cadar

Fuzzing is an important dynamic program analysis technique designed for finding vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input to cause crashes, buffer overflows, memory…

Fuzzing has become a popular technique for automatically detecting vulnerabilities and bugs by generating unexpected inputs. In recent years, the fuzzing process has been integrated into continuous integration workflows (i.e., continuous…

Software Engineering · Computer Science 2026-02-06 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Hajimu Iida

JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent…

Cryptography and Security · Computer Science 2020-01-15 Suyoung Lee , HyungSeok Han , Sang Kil Cha , Sooel Son

Modern hardware systems, driven by demands for high performance and application-specific functionality, have grown increasingly complex, introducing large surfaces for bugs and security-critical vulnerabilities. Fuzzing has emerged as a…

Cryptography and Security · Computer Science 2025-12-29 Lichao Wu , Mohamadreza Rostami , Huimin Li , Nikhilesh Singh , Ahmad-Reza Sadeghi

Coverage-guided fuzzing has been widely applied to address zero-day vulnerabilities in general-purpose software and operating systems. This approach relies on instrumenting the target code at compile time. However, applying it to industrial…

Cryptography and Security · Computer Science 2026-05-12 Carmine Cesarano , Roberto Natella

Vulnerabilities in open-source operating systems (OSs) pose substantial security risks to software systems, making their detection crucial. While fuzzing has been an effective vulnerability detection technique in various domains, OS fuzzing…

Operating Systems · Computer Science 2026-01-21 Kun Hu , Qicai Chen , Wenzhuo Zhang , Zilong Lu , Bihuan Chen , You Lu , Haowen Jiang , Bingkun Sun , Xin Peng , Wenyun Zhao

Coverage-guided fuzz testing has received significant attention from the research community, with a strong focus on binary applications, greatly disregarding other targets, such as web applications. The importance of the World Wide Web in…

Cryptography and Security · Computer Science 2024-07-02 Sebastian Neef , Lorenz Kleissner , Jean-Pierre Seifert

Dynamic analysis and especially fuzzing are challenging tasks for embedded firmware running on modern low-end Microcontroller Units (MCUs) due to performance overheads from instruction emulation, the difficulty of emulating the vast space…

Cryptography and Security · Computer Science 2024-12-18 Florian Hofhammer , Qinying Wang , Atri Bhattacharyya , Majid Salehi , Bruno Crispo , Manuel Egele , Mathias Payer , Marcel Busch

Exponential growth in embedded systems is driving the research imperative to develop fuzzers to automate firmware testing to uncover software bugs and security vulnerabilities. But, employing fuzzing techniques in this context present a…

Cryptography and Security · Computer Science 2023-01-18 Guy Farrelly , Michael Chesser , Damith C. Ranasinghe

Fuzzing has been an important approach for finding bugs and vulnerabilities in programs. Many fuzzers deployed in industry run daily and can generate an overwhelming number of crashes. Diagnosing such crashes can be very challenging and…

Software Engineering · Computer Science 2022-09-07 Ashwin Kallingal Joshy , Wei Le

The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via \emph{fuzz harnesses} -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these…

Software Engineering · Computer Science 2025-05-12 Philipp Görz , Joschua Schilling , Thorsten Holz , Marcel Böhme

The eBPF technology in the Linux kernel has been widely adopted for different applications, such as networking, tracing, and security, thanks to the programmability it provides. By allowing user-supplied eBPF programs to be executed…

Cryptography and Security · Computer Science 2023-05-16 Hsin-Wei Hung , Ardalan Amiri Sani